Potential security issue in Bubble?

In the source code of an app page you can see that some JavaScript files will be loaded.

If you open the file you can see all API connectors with the expected data result, incl. all fields (also the fields that are set to ignore), AND also all database/table fields (w/o values).

In my opinion this could be an interesting page to look for some provided API tokens and also to get to know the database structure.

What do you think? Am I wrong?

@emmanuel

Hmm, not totally sure, but you can send it over to security@bubble.io just to be safe.

Seems normal.

Look here:

I know that it's “by design”. But the question is: is this a potential security risk, as every visitor knows exactly what kind of API calls and responses you are using/awaiting and what the database structure looks like?
